PR s viJ of a I I I I I NATIONAL BUREAU OF STANDARDS GAITHERSBURG, MARYLAND NOVEMBER 18-20, 1180 TABLE OF CONTENTS Table of Contents i About the Seminar iii About the DoD Computer Security Initiative iv Acknowledgements v Program vi List of Handouts ix "Introduction and Op~ning Remarks," Stephen T. Walker, Chairman, DoD Computer fecurity Technical Consortium A-1 "Opening Remarks," Seymour Jeffery, National Bureau of Standards B-1 "DoD Computer Security Initiative," Stephen T. Walker, Chairman, DoD Computer Security Technical Consortium C-1 "Honeywell Trusted ADP Systems," Irma Wyman, Honeywell D-1 "Computer Security Research at Digital," Paul A. Karger, Digital Equipment Corporation E-1 "Security and Protection of Data in the IBM System/38," Viktors Berstis, IBM F-1 "Gnosis: A Secure Capability Based 370 Operating System," Jay Jonekait, TYMSHARE, Inc. G-1 "Computer Security Developments at Sperry Univac," Theodore M. P. Lee, Sperry-Univac H-1 Panel: "How Can the Government and the Computer Industry Solve the Computer Security Problem?" Ted Lee, Sperry-Univac, Jim Anderson, James P. Anderson, Inc., Steve Lipner, MITRE, Marvin Schaefer, System Development Corporation, Bill Eisner, CIA I-1 "Quality Assurance and Evaluation Criteria," Grace H. Nibaldi, MITRE Corporation J-1 "Specification and Verification Overview," William F. Wilson, MITRE Corporation K-1 i "FIM: A Formal Methodology for Software Development," Richard Kemmerer, System Development Corporation L-1 "Building Verified Systems with Gypsy," Donald I. Good, University of Texas M-1 "An Informal View of the HDM Computational Model," Karl N. Levitt, Stanford Research Institute International, Inc. N-1 "AFFIRM: A Specification and Verification System," Susan L. Gerhart, University of Southern California Information Information Sciences Institute 0-1 "An Overview of Software Testing," Mary Jo Reece, MITRE Corporation P-1 "Update on KSOS," John Nagle, Ford Aerospace and Communications Corporation Q-1 "Assurance Practices in KVM/370," Marvin Schaefer, R-1 System Development Corporation "Kernelized Secure Operating System (KSOS-6)," Charles H. Bonneau, Honeywell S-1 ii Third Seminar on the DEPARTMENT OF DEFENSE COMPUTER SECURITY INITIATIVE November 18-20, 1980 National Bureau of Standards Gaithersburg, Maryland ABOUT THE SEMINAR This is the third in a series of seminars to acquaint computer system developers and users with the status of "trusted"* ADP system developments within the Department of Defense and current planning for the integrity evaluation of commercial implementations of similar systems. The two previous seminars have stressed user requirements for trusted computer systems within both the government and private sector. The first day of this seminar includes presentations by five computer manufacturers of the trusted system development activities within their organizations. Following these presentations there will be a panel discussion on "How can the government and the .computer industry solve the computer security problem?" Panelists are drawn from industry and government. The second day of the seminar opens with a discussion of the technical evaluation criteria that have been proposed as a basis for determining the relative merits of computer systems. The assurance aspects of those criteria provide the context for the second and third days of the seminar. After the context has been set, we provide an introduction to formal specification and verification technology to include descriptions of the basic types of formal specification and the implications of design and program verification. Representatives of several prominent specification and verification research groups will then discuss their systems. As a way of rounding out the assurance criteria and providing further context for the later talks, the opening talk on the third day discusses software testing techniques. Current acquisition program testing approaches are contrasted with the formal verification techniques discussed on the second day, emphasizing the role of such testing in revealing errors which formal verification cannot detect today. Then the developers of the DoD-sponsored trusted systems will discuss the techniques they have used to assure a quality product. The seminar will conclude with a panel discussion on "Where should you put your assurance dollars?" Panelists are drawn from the verification, development and testing communities. *A "trusted" ADP system is one which employs sufficient hardware and software integrity measures to allow its use for simultaneously processing multiple levels of classified and/or sensitive information. iii ABOUT THE DOD COMPUTER SECURITY INITIATIVE The Department of Defense (DoD) Computer Security Initiative was established in 1978 by the Assistant Secretary of Defense for Communications, Command, Control and Intelligence to achieve the widespread availability of "trusted" ADP systems for use within the_ DoD. Widespread availability implies the use of commercially developed trusted ADP systems whenever possible. Recent DoD research activities are demonstrating that trusted ADP systems can be developed and successfully employed in sensitive information handling environments. In addition to these demonstration systems, a technically sound and consistent evaluation procedure must be established for determining the environments for which a particular trusted system is suitable. The Computer Security Initiative is attempting to foster the development of trusted ADP systems through technology transfer efforts and to define reasonable ADP system evaluation procedures to be applied to both government and commercially developed trusted ADP systems. This seminar is the third in a series which constitutes an essential element in the Initiative Technology Transfer Program. The NBS Institute for Computer Sciences and Technology, through its Computer Security and Risk Management Standards program, seeks new technology to satisfy Federal ADP security requirements. The Institute then promulgates acceptable and cost effective technology in Federal Information Processing Standards and Guidelines. The Institute is pleased to assist the Department of Defense in transferring the interim results of its research being conducted under the Computer Security Initiative. iv ACKNOWLEDGMENTS A number of people in and outside of the DoD Computer Security Technical Consortium have helped to make this seminar a success. At the MITRE Corporation, Grace Nibaldi and Bill Wilson helped to organize the speakers; Karen Borgeson and Dianne Mazzone managed registration, and Annie Discepolo and George Huff prepared some of the handouts. Also, we are grateful to Jo Ann Lorden and Greta Pignone of NBS for arranging the splendid facilities. DISCLAIMER The presentations in this proceedings are provided for your information. They should not be interpreted as necessarily representing_the official view or carrying any endorsement, either expressed or implied, of the Department of Defense or the United States Government. S~UdL Stephen T. Walker, Chairman Computer Security Technical Consortium PROGRAM November 18, 1980 Red Auditorium 9:15 Opening Remarks Seymour Jeffery, Institute for Computer Sciences & Technology National Bureau of Standards DOD Computer Security Initiative Stephen T. Walker, Chairman DOD Computer Security Technical Consortium INDUSTRY TRUSTED SYSTEM ACTIVITIES Paul A. Karger Digital Equipment Corporation 10:45 Break 11:00 INDUSTRY TRUSTED SYSTEM ACTIVITIES -Continued Irma Wyman Honeywell Viktors Berstis IBM Jay Jonekait TYMSHARE, Inc. Theodore M. P. Lee Sperry-Univac 1:00 Lunch 2:00 PANEL: "How Can the Government and the Computer Industry Solve the Computer Security Problem?" Theodore M. P. Lee, Sperry Univac James P. Anderson, Consultant William Eisner, Central Intelligence Agency Steven P. Lipner, Mitre Corporation Marvin Schaefer, System Development Corporation 3:00 Break 3:15 PANEL- Continued 4:30 Adjourn vi November 19, 1980 Red Auditorium 9:00 "Quality Assurance and Evaluation Criteria" Grace H. Nibaldi Mitre Corporation 9:50 "Specification and Verification Overview" William F. Wilson Mitre Corporation 10:45 Break SPECIFICATION AND VERIFICATION SYSTEMS 11:00 "FDM: A Formal Methodology for Software Development" Richard Kemmerer System Development Corporation 12:00 "Building Verified Systems with Gypsy" Donald I. Good University of Texas 1:00 Lunch SPECIFICATION AND VERIFICATION SYSTEMS - Continued 2:00 "An Informal View of HDM 0 s Computational Model" Karl N. Levitt SRI International 3:00 Break 3: 15 "AFFIRM: A Specification and Verification System" Susan L. Gerhart USC Information Sciences Institute 4:15 Adjourn vii November 20, 1980 Red Auditorium 9:00 "An Overview of Software Testing" Mary Jo Reece Mitre Corporation THE EXPERIENCES OF TRUSTED SYSTEM DEVELOPERS 9:45 "Update on KSOS" John Nagle Ford Aerospace and Communications Corporation 10:45 Break 11:00 KVM/370 Marvin Schaefer System Development Corporation 12:00 "Kernelized Secure Operating System (KSOS-6)" Charles H. Bonneau Honeywell 1:00 Lunch 2:00 PANEL: "Where Would You Put Your Assurance Dollars?" Panelists: Developers, Researchers, & Testers 3:00 Break 3:15 PANEL- Continued 4:15 Adjourn vii;i. LIST OF HANDOUTS In addition to the information documented in these Proceedings, the following materials were made available at the Seminar: Computer Security Initiative Program Trusted Systems Bibliography. Computer Security Initiative Program Glossary. M. H. Cheheyl, M. Gasser, G. A. Huff, J. K. Millen, "Secure System Specification
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages203 Page
-
File Size-